A Review on Learning-based Detection Approaches of the Kernel-level Rootkit

Nadim, Mohammad; Akopian, David; Lee, Wonjun

doi:10.1109/iceet53442.2021.9659710

Cited by 3 publications

(2 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rootkits [54] are suspected to be the biggest threat and major security vulnerability in protecting user data. This malware is designed or installed in such a way that it cannot be easily detected by anti-malware software and can stop the detection methods by exploiting the vulnerabilities of system software [55]. Intruders can take control of the user system unexpectedly and modify the user security information.…”

Section: Integrity Attackmentioning

confidence: 99%

Blockchain-Enabled Cybersecurity Provision for Scalable Heterogeneous Network: A Comprehensive Survey

Shohidul Islam,

Arafatur Rahman,

Ariff Bin Ameedeen

et al. 2024

Computer Modeling in Engineering &Amp; Sciences

View full text Add to dashboard Cite

Blockchain-enabled cybersecurity system to ensure and strengthen decentralized digital transaction is gradually gaining popularity in the digital era for various areas like finance, transportation, healthcare, education, and supply chain management. Blockchain interactions in the heterogeneous network have fascinated more attention due to the authentication of their digital application exchanges. However, the exponential development of storage space capabilities across the blockchain-based heterogeneous network has become an important issue in preventing blockchain distribution and the extension of blockchain nodes. There is the biggest challenge of data integrity and scalability, including significant computing complexity and inapplicable latency on regional network diversity, operating system diversity, bandwidth diversity, node diversity, etc., for decision-making of data transactions across blockchain-based heterogeneous networks. Data security and privacy have also become the main concerns across the heterogeneous network to build smart IoT ecosystems. To address these issues, today's researchers have explored the potential solutions of the capability of heterogeneous network devices to perform data transactions where the system stimulates their integration reliably and securely with blockchain. The key goal of this paper is to conduct a state-of-the-art and comprehensive survey on cybersecurity enhancement using blockchain in the heterogeneous network. This paper proposes a full-fledged taxonomy to identify the main obstacles, research gaps, future research directions, effective solutions, and most relevant blockchain-enabled cybersecurity systems. In addition, Blockchain based heterogeneous network framework with cybersecurity is proposed in this paper to meet the goal of maintaining optimal performance data transactions among organizations. Overall, this paper provides an in-depth description based on the critical analysis to overcome the existing work gaps for future research where it presents a potential cybersecurity design with key requirements of blockchain across a heterogeneous network.

show abstract

Section: Integrity Attackmentioning

confidence: 99%

Blockchain-Enabled Cybersecurity Provision for Scalable Heterogeneous Network: A Comprehensive Survey

Shohidul Islam,

Arafatur Rahman,

Ariff Bin Ameedeen

et al. 2024

Computer Modeling in Engineering &Amp; Sciences

View full text Add to dashboard Cite

show abstract

“…The decryptor's small size compared to the main body reduces detection probability. Encryption complexity ranges from basic operations to strong encryption methods [22], [23], [27]. • Oligomorphism and polymorphism: the encryption technique's limitation lies in the constant decryptor across exploitations, enabling detection based on code patterns.…”

Section: Malware Fundamentalsmentioning

confidence: 99%

A Survey on Hardware-Based Malware Detection Approaches

Chenet,

Savino,

Di Carlo

2024

IEEE Access

View full text Add to dashboard Cite

This paper delves into the dynamic landscape of computer security, where malware poses a paramount threat. Our focus is a riveting exploration of the recent and promising hardware-based malware detection approach. Leveraging modern processors' hardware performance counters and machine learning prowess, this approach brings forth compelling advantages such as real-time detection, resilience to code variations, minimal performance overhead, protection disablement fortitude, and cost-effectiveness. Navigating through a generic hardware-based detection framework, we meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. This survey is not only a resource for seasoned experts but also an inviting starting point for those venturing into the field of malware detection. However, challenges emerge on this exciting journey. We grapple with the imperative of accuracy improvements and strategies to address the remaining classification errors. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.

show abstract

Volatile Kernel Rootkit hidden process detection in cloud computing

2023

J Cloud Comp

View full text Add to dashboard Cite

The rootkit industry has advanced significantly in the last decade. Attackers want to leave a backdoor for quick reoccurring exploits rather than launching the traditional one-time worm/virus attacks. Meanwhile, as intrusion detection technologies improve, rootkits have grown in popularity. For the attackers to succeed, stealth becomes critical. The primary function of rootkits is to provide stealth. The modifications a rootkit makes conceal the presence of a rootkit. Determining the presence of mutation rootkits was quite challenging. Attackers can silently alter volatile (processes) and non-volatile (files) with the aid of rootkits without being noticed. We suggested the VKRHPDV (Volatile Kernel Rootkit Hidden Process Detection) framework to find the hidden techniques. This system includes process monitors, process comparison analysts, and contaminated process data gathering. Process monitoring is nothing more than clean process collection in the absence of rootkits, whereas pure process collection has been corrupted by rootkit injection. The process analyzer compares clean and tainted processes, some of which were concealed. VKRHPDV can identify process hiding behaviors in all datasets in the shortest period, according to the findings of an extensive performance analysis carried out on 64 rootkit datasets for each UNIX and Windows kernel in a cloud environment.

show abstract

A Review on Learning-based Detection Approaches of the Kernel-level Rootkit

Cited by 3 publications

References 28 publications

Blockchain-Enabled Cybersecurity Provision for Scalable Heterogeneous Network: A Comprehensive Survey

Blockchain-Enabled Cybersecurity Provision for Scalable Heterogeneous Network: A Comprehensive Survey

A Survey on Hardware-Based Malware Detection Approaches

Volatile Kernel Rootkit hidden process detection in cloud computing

Contact Info

Product

Resources

About